Re: [GENERAL] BUG #1830: Non-super-user must be able to copy from a
| От | Tom Lane |
|---|---|
| Тема | Re: [GENERAL] BUG #1830: Non-super-user must be able to copy from a |
| Дата | |
| Msg-id | 18250.1124462312@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: BUG #1830: Non-super-user must be able to copy from a file (Bruno Wolff III <bruno@wolff.to>) |
| Список | pgsql-bugs |
Martijn van Oosterhout <kleptog@svana.org> writes:
> On Fri, Aug 19, 2005 at 09:15:52AM -0400, Stephen Frost wrote:
>> Personally, I do like the idea of a user-level 'copy server-side files'
>> permission that could be granted to reduce the need for things to run as
>> superuser.
> There is one important point though: The server copying things is
> seriously restricted. No matter how much authentication you do, the
> server cannot *become* you. Hence it cannot access your files unless
> they are world readable.
And maybe not even then. For instance, on a SELinux system, the
postmaster will probably be forbidden by kernel-enforced security
policies from reading or writing any files outside the /var/lib/pgsql/
tree. (This sort of restriction is used for most network-accessible
daemons in SELinux, so as to limit the system's exposure in case someone
manages to crack into the daemon.) Server-side COPY is essentially
useless even for superusers in such a context.
The correct answer to this whole thread is "get some COPY support in
JDBC". It's unlikely you'll persuade anyone that relaxing the
restrictions on server-side file access is a good idea. The thrust
of recent discussions has been more about tightening 'em, in fact.
regards, tom lane
В списке pgsql-bugs по дате отправления: